[ubuntu/jammy-security] linux-azure 5.15.0-1094.103 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Aug 18 21:55:59 UTC 2025
linux-azure (5.15.0-1094.103) jammy; urgency=medium
* jammy/linux-azure: 5.15.0-1094.103 -proposed tracker (LP: #2117568)
* Additional MANA patch support, kernel 5.15 and later (LP: #2115356)
- net: mana: Set tx_packets to post gso processing packet count
- net: mana: Support holes in device list reply msg
- net: mana: Add support for Multi Vports on Bare metal
- net: mana: Add handler for hardware servicing events
* vhci-hcd and usbip-core not available (LP: #2115827)
- [Config] azure: Revert to -generic config for CONFIG_USBIP_VHCI_HCD and
CONFIG_USBIP_CORE
[ Ubuntu: 5.15.0-152.162 ]
* jammy/linux: 5.15.0-152.162 -proposed tracker (LP: #2117618)
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: add z16 elf platform
- s390: Add z17 elf platform
* Jammy update: v5.15.185 upstream stable release (LP: #2115240)
- dma-mapping: avoid potential unused data compilation warning
- cgroup: Fix compilation issue due to cgroup_mutex not being exported
- net: enetc: refactor bulk flipping of RX buffers to separate function
- bpf: fix possible endless loop in BPF map iteration
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
- kconfig: merge_config: use an empty file as initfile
- NFSv4: Check for delegation validity in
nfs_start_delegation_return_locked()
- tracing: Mark binary printing functions with __printf() attribute
- mailbox: use error ret code of of_parse_phandle_with_args()
- fbdev: fsl-diu-fb: add missing device_remove_file()
- fbcon: Use correct erase colour for clearing in fbcon
- fbdev: core: tileblit: Implement missing margin clearing for tileblit
- NFSv4: Treat ENETUNREACH errors as fatal for state recovery
- SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
- SUNRPC: rpcbind should never reset the port to the value '0'
- thermal/drivers/qoriq: Power down TMU on system suspend
- dql: Fix dql->limit value when reset.
- lockdep: Fix wait context check on softirq for PREEMPT_RT
- PCI: dwc: ep: Ensure proper iteration over outbound map windows
- tools/build: Don't pass test log files to linker
- pNFS/flexfiles: Report ENETDOWN as a connection error
- PCI: vmd: Disable MSI remapping bypass under Xen
- mmc: host: Wait for Vdd to settle on card power off
- wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2
- i2c: qup: Vote for interconnect bandwidth to DRAM
- i2c: pxa: fix call balance of i2c->clk handling routines
- btrfs: make btrfs_discard_workfn() block_group ref explicit
- btrfs: avoid linker error in btrfs_find_create_tree_block()
- btrfs: get zone unusable bytes while holding lock at
btrfs_reclaim_bgs_work()
- btrfs: send: return -ENAMETOOLONG when attempting a path that is too
long
- i3c: master: svc: Fix missing STOP for master request
- dlm: make tcp still work in multi-link env
- um: Store full CSGSFS and SS register from mcontext
- um: Update min_low_pfn to match changes in uml_reserved
- ext4: reorder capability check last
- scsi: st: Tighten the page format heuristics with MODE SELECT
- scsi: st: ERASE does not change tape location
- vfio/pci: Handle INTx IRQ_NOTCONNECTED
- tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
- rtc: rv3032: fix EERD location
- ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect
- kbuild: fix argument parsing in scripts/config
- crypto: octeontx2 - suppress auth failure screaming due to negative
tests
- dm: restrict dm device size to 2^63-512 bytes
- xen: Add support for XenServer 6.1 platform device
- RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
- posix-timers: Add cond_resched() to posix_timer_add() search loop
- timer_list: Don't use %pK through printk()
- netfilter: conntrack: Bound nf_conntrack sysctl writes
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad()
- mmc: sdhci: Disable SD card clock before changing parameters
- ipv6: save dontfrag in cork
- auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
hd44780_common"
- ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup()
- cpufreq: tegra186: Share policy per cluster
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator
- powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
- tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
- rtc: ds1307: stop disabling alarms on probe
- ieee802154: ca8210: Use proper setters and getters for bitwise types
- ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
- media: c8sectpfe: Call of_node_put(i2c_bus) only once in
c8sectpfe_probe()
- remoteproc: qcom_wcnss: Handle platforms with only single power domain
- drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
- pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
- net: ethernet: ti: cpsw_new: populate netdev of_node
- net: pktgen: fix mpls maximum labels list parsing
- ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
- media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
- clk: imx8mp: inform CCF of maximum frequency of clocks
- x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
- hwmon: (gpio-fan) Add missing mutex locks
- ARM: at91: pm: fix at91_suspend_finish for ZQ calibration
- drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
- fpga: altera-cvp: Increase credit timeout
- PCI: brcmstb: Expand inbound window size up to 64GB
- PCI: brcmstb: Add a softdep to MIP MSI-X driver
- net/mlx5: Avoid report two health errors on same syndrome
- selftests/net: have `gro.sh -t` return a correct exit code
- drm/amdkfd: KFD release_work possible circular locking
- net: xgene-v2: remove incorrect ACPI_PTR annotation
- bonding: report duplicate MAC address in all situations
- soc: ti: k3-socinfo: Do not use syscon helper to build regmap
- x86/build: Fix broken copy command in genimage.sh when making isoimage
- drm/amd/display: handle max_downscale_src_width fail check
- x86/nmi: Add an emergency handler in nmi_desc & use it in
nmi_shootdown_cpus()
- cpuidle: menu: Avoid discarding useful information
- libbpf: Fix out-of-bound read
- x86/kaslr: Reduce KASLR entropy on most x86 systems
- MIPS: Use arch specific syscall name match function
- MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core
- clocksource: mips-gic-timer: Enable counter when CPUs start
- scsi: mpt3sas: Send a diag reset if target reset fails
- wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
- wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
- wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
- EDAC/ie31200: work around false positive build warning
- RDMA/core: Fix best page size finding when it can cross SG entries
- can: c_can: Use of_property_present() to test existence of DT property
- eth: mlx4: don't try to complete XDP frames in netpoll
- PCI: Fix old_size lower bound in calculate_iosize() too
- ACPI: HED: Always initialize before evged
- net/mlx5: Modify LSB bitmask in temperature event to include only the
first bit
- net/mlx5: Apply rate-limiting to high temperature warning
- ASoC: ops: Enforce platform maximum on initial value
- ASoC: tas2764: Power up/down amp on mute ops
- ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
- pinctrl: devicetree: do not goto err when probing hogs in
pinctrl_dt_to_map
- smack: recognize ipv4 CIPSO w/o categories
- media: v4l: Memset argument to 0 before calling get_mbus_config pad op
- net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
- phy: core: don't require set_mode() callback for phy_get_mode() to work
- drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
- drm/amd/display: Initial psr_version with correct setting
- net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
- net/mlx5e: set the tx_queue_len for pfifo_fast
- net/mlx5e: reduce rep rxq depth to 256 for ECPF
- wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
- wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
- arch/powerpc/perf: Check the instruction type before creating sample
with perf_mem_data_src
- ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
- r8152: add vendor/device ID pair for Dell Alienware AW1022z
- wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
- clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs
- hwmon: (xgene-hwmon) use appropriate type for the latency value
- media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is
available
- r8169: don't scan PHY addresses > 0
- rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
- rcu: fix header guard for rcu_all_qs()
- net/mana: fix warning in the writer of client oob
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
- scsi: st: Restore some drive settings after reset
- HID: usbkbd: Fix the bit shift number for LED_KANA
- drm/ast: Find VBIOS mode from regular display size
- bpftool: Fix readlink usage in get_fd_type
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
- wifi: rtw88: Don't use static local variable in
rtw8822b_set_tx_power_index_by_rate
- spi: zynqmp-gqspi: Always acknowledge interrupts
- regulator: ad5398: Add device tree support
- wifi: ath9k: return by of_get_mac_address
- drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
- drm: Add valid clones check
- ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()
- pinctrl: meson: define the pull up/down resistor value as 60 kOhm
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
- xenbus: Allow PVH dom0 a non-local xenstore
- remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
- xfrm: Sanitize marks before insert
- Bluetooth: L2CAP: Fix not checking l2cap_chan security level
- bridge: netfilter: Fix forwarding of fragmented packets
- net: dwmac-sun8i: Use parsed internal PHY address instead of 1
- octeontx2-af: Set LMT_ENA bit for APR table entries
- llc: fix data loss when reading from a socket in llc_ui_recvmsg()
- drm/edid: fixed the bug that hdr metadata was not reset
- memcg: always call cond_resched() after fn()
- mm/page_alloc.c: avoid infinite retries caused by cpuset race
- Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
- spi: spi-fsl-dspi: restrict register range for regmap access
- spi: spi-fsl-dspi: Halt the module after a new message transfer
- spi: spi-fsl-dspi: Reset SR flags before sending a new message
- kbuild: Disable -Wdefault-const-init-unsafe
- i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work()
- xen/swiotlb: relax alignment requirements
- drm/i915/gvt: fix unterminated-string-initialization warning
- x86/its: Fix undefined reference to cpu_wants_rethunk_at()
- smb: client: Reset all search buffer pointers when releasing buffer
- arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node
- coredump: fix error handling for replace_fd()
- pid: add pidfd_prepare()
- fork: use pidfd_prepare()
- coredump: hand a pidfd to the usermode coredump helper
- HID: quirks: Add ADATA XPG alpha wireless mouse support
- nfs: don't share pNFS DS connections between net namespaces
- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
- um: let 'make clean' properly clean underlying SUBARCH as well
- spi: spi-sun4i: fix early activation
- nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro
- tpm: tis: Double the timeout B to 4s
- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
- platform/x86: thinkpad_acpi: Ignore battery threshold change event
notification
- perf/arm-cmn: Initialise cmn->cpu earlier
- Linux 5.15.185
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38051
- smb: client: Fix use-after-free in cifs_fill_dirent
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38030
- Revert "drm/amd: Keep display off while going into S4"
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38077
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in
current_password_store()
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38078
- ALSA: pcm: Fix race of buffer access at PCM OSS layer
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38003
- can: bcm: add missing rcu read protection for procfs content
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38004
- can: bcm: add locking for bcm_op runtime updates
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38031
- padata: do not leak refcount in reorder_work
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38079
- crypto: algif_hash - fix double free in hash_accept
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38052
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38058
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38034
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38035
- nvmet-tcp: don't restore null sk_state_change
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38037
- vxlan: Annotate FDB data races
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38061
- net: pktgen: fix access outside of user given buffer in
pktgen_thread_write()
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38043
- firmware: arm_ffa: Set dma_mask for ffa devices
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38044
- media: cx231xx: set device_caps for 417
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38065
- orangefs: Do not truncate file size
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38066
- dm cache: prevent BUG_ON by blocking retries on failed device resumes
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38068
- crypto: lzo - Fix compression buffer overrun
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38072
- libnvdimm/labels: Fix divide error in nd_label_data_init()
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38048
- virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38075
- scsi: target: iscsi: Fix timeout on deleted connection
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
* raid10: block discard causes a NULL pointer dereference after
5.15.0-144-generic (LP: #2117395)
- md: move initialization and destruction of 'io_acct_set' to md.c
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
* CVE-2024-50073
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
linux-azure (5.15.0-1093.102) jammy; urgency=medium
* jammy/linux-azure: 5.15.0-1093.102 -proposed tracker (LP: #2114531)
* Jammy update: v5.15.181 upstream stable release (LP: #2111606)
- cifs: fix integer overflow in match_server()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37844
- cifs: avoid NULL pointer dereference in dbg call
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35866
- smb: client: fix potential UAF in cifs_dump_full_key()
[ Ubuntu: 5.15.0-144.157 ]
* jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)
* cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
- cifs: fix NULL ptr dereference in refresh_mounts()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- tracing: probes: Fix a possible race in trace_probe_log APIs
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: chemical: sps30: use aligned_s64 for timestamp
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
- nfs: handle failure of nfs_get_lock_context in unlock path
- spi: loopback-test: Do not split 1024-byte hexdumps
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- x86,nospec: Simplify {JMP,CALL}_NOSPEC
- x86/speculation: Simplify and make CALL_NOSPEC consistent
- x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
- x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- [Config] enable ITS mitigation
- x86/alternative: Optimize returns patching
- x86/alternatives: Remove faulty optimization
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/its: Use dynamic thunks for indirect branches
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- btrfs: fix discard worker infinite loop after disabling discard
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- wifi: mt76: disable napi on driver removal
- dmaengine: ti: k3-udma: Add missing locking
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- block: fix direct io NOWAIT flag not work
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
- selftests/mm: compaction_test: support platform with huge mount of
memory
- netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
- netfilter: nf_tables: wait for rcu grace period on net_device removal
- netfilter: nf_tables: do not defer rule destruction via call_rcu
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
- Linux 5.15.184
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49063
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49168
- btrfs: do not clean up repair bio if submit fails
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-46751
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-53203
- usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-35790
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default
device attribute group
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
output (LP: #2107516)
- SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
device"
* Jammy update: v5.15.183 upstream stable release (LP: #2111705)
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- openvswitch: Fix unsafe attribute parsing in output_userspace()
- gre: Fix again IPv6 link-local address generation.
- can: gw: use call_rcu() instead of costly synchronize_rcu()
- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
- can: gw: fix RCU/BH usage in cgw_create_job()
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: fix learning on VLAN unaware bridges
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- iio: adc: ad7606: fix serial register access
- iio: adis16201: Correct inclinometer channel resolution
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- usb: uhci-platform: Make the clock really optional
- module: ensure that kobject_put() is safe for module type kobjects
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- usb: typec: ucsi: displayport: Fix NULL pointer access
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- types: Complement the aligned types with signed 64-bit one
- iio: adc: dln2: Use aligned_s64 for timestamp
- MIPS: Fix MAX_REG_OFFSET
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- do_umount(): add missing barrier before refcount checks in sync case
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Linux 5.15.183
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Jammy update: v5.15.182 upstream stable release (LP: #2111618)
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5: E-switch, Fix error handling for enabling roce
- net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- ice: Refactor promiscuous functions
- net: dlink: Correct endianness handling of led_mode
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: add support for external loopback test
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- PCI: imx6: Skip controller_id generation logic for i.MX7D
- net: hns3: fix deadlock issue when externel_lb and reset are executed
together
- ARM: dts: opos6ul: add ksz8081 phy properties
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
- irqchip/gic-v2m: Add const to of_device_id
- irqchip/gic-v2m: Mark a few functions __init
- iommu/arm-smmu-v3: Use the new rb tree helpers
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- dm: fix copying after src array boundaries
- Linux 5.15.182
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2022-21546
- scsi: target: Fix WRITE_SAME No Data Buffer crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37819
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-26739
- net/sched: act_mirred: don't override retval if we already lost the skb
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-21839
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606)
- net: ethtool: Don't call .cleanup_data when prepare_data fails
- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining
ones
- ata: sata_sx4: Add error handling in pdc20621_i2c_read()
- nvmet-fcloop: swap list_add_tail arguments
- nft_set_pipapo: fix incorrect avx2 match of 5th field octet
- umount: Allow superblock owners to force umount
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
when running in a virtual machine
- perf: arm_pmu: Don't disable counter in armpmu_add()
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
- xen/mcelog: Add __nonstring annotations for unterminated strings
- HID: pidff: Convert infinite length from Linux API to PID standard
- HID: pidff: Do not send effect envelope if it's empty
- ALSA: hda: intel: Fix Optimus when GPU has no sound
- ASoC: fsl_audmix: register card device depends on 'dais' property
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
- fs/jfs: cast inactags to s64 to prevent potential overflow
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
- ext4: protect ext4_release_dquot against freezing
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
- tracing: fix return value in __ftrace_event_enable_disable for
TRACE_REG_UNREGISTER
- Bluetooth: hci_uart: fix race during initialization
- drm: allow encoder mode_set even when connectors change for crtc
- drm/amd/display: Update Cursor request mode to the beginning prefetch
always
- drm: panel-orientation-quirks: Add support for AYANEO 2S
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
- drm/bridge: panel: forbid initializing a panel with unknown connector
type
- drivers: base: devres: Allow to release group on device release
- drm/amdkfd: clamp queue size to minimum
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories
- pwm: rcar: Simplify multiplication/shift logic
- pwm: rcar: Improve register calculation
- pwm: fsl-ftm: Handle clk_get_rate() returning 0
- bpf: Add endian modifiers to fix endian warnings
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
- media: i2c: adv748x: Fix test pattern selection mask
- media: vim2m: print device name after registering device
- media: siano: Fix error handling in smsdvb_module_init()
- xenfs/xensyms: respect hypervisor's "next" indication
- arm64: cputype: Add MIDR_CORTEX_A76AE
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe
list
- spi: cadence-qspi: Fix probe on AM62A LP SK
- media: streamzap: prevent processing IR data on URB failure
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
- media: i2c: ccs: Set the device's runtime PM status correctly in remove
- media: i2c: ccs: Set the device's runtime PM status correctly in probe
- media: i2c: ov7251: Set enable GPIO low in probe
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
- mtd: Add check for devm_kcalloc()
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320
family
- mtd: Replace kcalloc() with devm_kcalloc()
- clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init
wakeup
- wifi: mt76: Add check for devm_kstrdup()
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
- vdpa/mlx5: Fix oversized null mkey longer than 32bit
- i3c: master: svc: Use readsb helper for reading MDB
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist
offsets
- mptcp: only inc MPJoinAckHMacFailure for HMAC failures
- mtd: rawnand: Add status chack in r852_ready()
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
- sparc/mm: disable preemption in lazy mmu mode
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
- crypto: ccp - Fix check for the primary ASP device
- dm-integrity: set ti->error on memory allocation failure
- gpio: zynq: Fix wakeup source leaks on device unbind
- ntb: use 64-bit arithmetic for the MSI doorbell mask
- of/irq: Fix device node refcount leakages in of_irq_count()
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
- of/irq: Fix device node refcount leakages in of_irq_init()
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
- PCI: Fix reference leak in pci_alloc_child_bus()
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected()
lists
- ACPI: platform-profile: Fix CFI violation when accessing sysfs files
- x86/e820: Fix handling of subpage regions when calculating nosave ranges
in e820__register_nosave_regions()
- Bluetooth: hci_uart: Fix another race during initialization
- scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly
- scsi: hisi_sas: Pass abort structure for internal abort
- scsi: hisi_sas: Factor out task prep and delivery code
- scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal
- scsi: libsas: Delete lldd_clear_aca callback
- scsi: libsas: Add struct sas_tmf_task
- scsi: hisi_sas: Enable force phy when SATA disk directly connected
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
- scsi: iscsi: Fix missing scsi_host_put() in error path
- md/raid10: fix missing discard IO accounting
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
- RDMA/hns: Fix wrong maximum DMA segment size
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid
address
- Bluetooth: l2cap: Check encryption key size on incoming connection
- Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()"
- igc: move ktime snapshot into PTM retry loop
- igc: handle the IGC_PTP_ENABLED flag correctly
- igc: cleanup PTP module if probe fails
- net: b53: enable BPDU reception for management port
- net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del()
fails
- riscv: Properly export reserved regions in /proc/iomem
- riscv: KGDB: Do not inline arch_kgdb_breakpoint()
- riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
- writeback: fix false warning in inode_to_wb()
- Revert "PCI: Avoid reset when disabled via sysfs"
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
- asus-laptop: Fix an uninitialized variable
- nfs: move nfs_fhandle_hash to common include file
- nfs: add missing selections of CONFIG_CRC32
- btrfs: correctly escape subvol in btrfs_show_options()
- crypto: caam/qi - Fix drv_ctx refcount bug
- loop: properly send KOBJ_CHANGED uevent for disk device
- loop: LOOP_SET_FD: send uevents for partitions
- mm/gup: fix wrongly calculated returned value in
fault_in_safe_writeable()
- riscv: Avoid fortify warning in syscall_get_arguments()
- tracing: Fix filter string testing
- perf/x86/intel: Allow to update user space GPRs from PEBS records
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
- drm/repaper: fix integer overflows in repeat functions
- drm/amdgpu/dma_buf: fix page_link check
- drm/sti: remove duplicate object names
- KVM: arm64: Get rid of host SVE tracking/saving
- KVM: arm64: Always start with clearing SVE flag on load
- KVM: arm64: Discard any SVE state when entering KVM guests
- arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
- arm64/fpsimd: Have KVM explicitly say which FP registers to save
- arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
- KVM: arm64: Remove host FPSIMD saving for non-protected KVM
- KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
- KVM: arm64: Calculate cptr_el2 traps on activating traps
- KVM: arm64: Eagerly switch ZCR_EL{1,2}
- cpufreq: Reference count policy in cpufreq_update_limits()
- kbuild: Add '-fno-builtin-wcslen'
- mptcp: sockopt: fix getting IPV6_V6ONLY
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq'
error
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
- x86/pvh: Call C code via the kernel virtual mapping
- landlock: Add the errata interface
- nvmet-fc: Remove unused functions
- Revert "smb: client: fix use-after-free bug in
cifs_debug_data_proc_show()"
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
- blk-cgroup: support to track if policy is online
- net: openvswitch: fix race on port output
- openvswitch: fix lockup on tx to unregistering netdev with carrier
- MIPS: dec: Declare which_prom() as static
- MIPS: cevt-ds1287: Add missing ds1287.h include
- MIPS: ds1287: Match ds1287_set_base_clock() function types
- mm: fix apply_to_existing_page_range()
- module: sign with sha512 instead of sha1 by default
- media: streamzap: remove unnecessary ir_raw_event_reset and handle
- media: streamzap: no need for usb pid/vid in device name
- media: streamzap: less chatter
- media: streamzap: remove unused struct members
- auxdisplay: hd44780: Convert to platform remove callback returning void
- auxdisplay: hd44780: Fix an API misuse in hd44780.c
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family
- soc: samsung: exynos-chipid: avoid soc_device_to_device()
- soc: samsung: exynos-chipid: Pass revision reg offsets
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
return value check
- iio: adc: ad7768-1: Fix conversion result sign
- backlight: led_bl: Convert to platform remove callback returning void
- cifs: print TIDs as hex
- cifs: fix integer overflow in match_server()
- gpio: tegra186: Force one interrupt per bank
- gpio: tegra186: fix resource handling in ACPI probe path
- Revert "PCI: Coalesce host bridge contiguous apertures"
- PCI: Coalesce host bridge contiguous apertures
- PCI: Assign PCI domain IDs by ida_alloc()
- ksmbd: Prevent integer overflow in calculation of deadtime
- selftests/mm: generate a temporary mountpoint for cgroup filesystem
- kmsan: disable strscpy() optimization under KMSAN
- string: Add load_unaligned_zeropad() code path to sized_strscpy()
- drm/msm/a6xx: Improve gpu recovery sequence
- drm/msm/a6xx: Handle GMU prepare-slumber hfi failure
- drm/msm/a6xx: Avoid gx gbit halt during rpm suspend
- drm/msm/a6xx: Fix stale rpmh votes from GPU
- dma/contiguous: avoid warning about unused size_bytes
- cpufreq: cppc: Fix invalid return value in .get() callback
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
- virtio_console: fix missing byte order handling for cols and rows
- net: selftests: initialize TCP header and skb payload with zero
- drm/amd/display: Fix gpu reset in multidisplay config
- KVM: SVM: Allocate IR data using atomic allocation
- USB: storage: quirk for ADATA Portable HDD CH94
- mei: me: add panther lake H DID
- serial: sifive: lock port in startup()/shutdown() callbacks
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
- USB: serial: option: add Sierra Wireless EM9291
- USB: serial: simple: add OWON HDS200 series oscilloscope support
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
- USB: VLI disk crashes if LPM is used
- USB: wdm: handle IO errors in wdm_wwan_port_start
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
- USB: wdm: add annotation
- MIPS: cm: Detect CM quirks from device tree
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
- parisc: PDT: Fix missing prototype warning
- s390/tty: Fix a potential memory leak bug
- usb: host: max3421-hcd: Add missing spi_device_id table
- fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
- dmaengine: dmatest: Fix dmatest waiting less when interrupted
- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
wcd934x_slim_irq_handler()
- ntb: reduce stack usage in idt_scan_mws
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
- KVM: s390: Don't use %pK through tracepoints
- selftests: ublk: fix test_stripe_04
- xen: Change xen-acpi-processor dom0 dependency
- nvme: requeue namespace scan on missed AENs
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
- nvme: re-read ANA log page after ns scan completes
- objtool: Stop UNRET validation on UD2
- selftests/mincore: Allow read-ahead pages to reach the end of the file
- x86/bugs: Use SBPB in write_ibpb() if applicable
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
- x86/bugs: Don't fill RSB on context switch with eIBRS
- nvmet-fc: take tgtport reference only once
- nvmet-fc: put ref when assoc->del_work is already scheduled
- ext4: make block validity check resistent to sb bh corruption
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
- scsi: pm80xx: Set phy_attached to zero when device is gone
- loop: aio inherit the ioprio of original request
- ubsan: Fix panic from test_ubsan_out_of_bounds
- md/raid1: Add check for missing source disk in process_checks()
- jfs: define xtree root and page independently
- comedi: jr3_pci: Fix synchronous deletion of timer
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
- net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
- net: dsa: mv88e6xxx: enable PVT for 6321 switch
- net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
- xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
- MIPS: cm: Fix warning if MIPS_CM is disabled
- nvme: fixup scan failure for non-ANA multipath controllers
- PCI: Fix use-after-free in pci_bus_release_domain_nr()
- PCI: Fix dropping valid root bus resources with .end = zero
- PCI: Release resource invalidated by coalescing
- Linux 5.15.181
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49989
- drm/amd/display: fix double free issue during amdgpu module unload
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37983
- qibfs: fix _another_ leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37881
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37805
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37883
- s390/sclp: Add check for get_zeroed_page()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37808
- crypto: null - Use spin lock instead of mutex
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37985
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37810
- usb: dwc3: gadget: check that event count does not exceed event buffer
length
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37811
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37812
- usb: cdns3: Fix deadlock when using NCM gadget
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37885
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37823
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37824
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37989
- net: phy: leds: fix memory leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37829
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37830
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37836
- PCI: Fix reference leak in pci_register_host_bridge()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37844
- cifs: avoid NULL pointer dereference in dbg call
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23144
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23148
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50125
- Bluetooth: SCO: Fix UAF on sco_sock_timeout
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-49535
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35943
- pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-26686
- fs/proc: do_task_stat: use sig->stats_lock to gather the
threads/children stats
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-48893
- drm/i915/gt: Cleanup partial engine discovery failures
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50280
- dm cache: fix flushing uninitialized delayed_work on cache_ctr error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-54458
- scsi: ufs: bsg: Set bsg_queue to NULL after removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-42322
- ipvs: properly dereference pe in ip_vs_add_service
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49960
- ext4: fix timer use-after-free on failed mount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-36908
- blk-iocost: do not WARN if iocg was already offlined
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-21853
- bpf: avoid holding freeze_mutex during mmap operation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-53128
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52757
- smb: client: fix potential deadlock when releasing mids
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46742
- smb/server: fix potential null-ptr-deref of lease_ctx_info in
smb2_open()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52572
- cifs: Fix UAF in cifs_demultiplex_thread()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35866
- smb: client: fix potential UAF in cifs_dump_full_key()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46816
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
max_links
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46774
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-38540
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-27402
- phonet/pep: fix racy skb_queue_empty() use
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50272
- filemap: Fix bounds checking in filemap_read()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50258
- net: fix crash when config small gso_max_size/gso_ipv4_max_size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-56751
- ipv6: release nexthop on device removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23140
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after
request_irq error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37765
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37766
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37767
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37770
- drm/amd/pm/powerplay: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768 // CVE-2025-37771
- drm/amd/pm: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37773
- virtiofs: add filesystem context source name check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37780
- isofs: Prevent the use of too small fid
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37781
- i2c: cros-ec-tunnel: defer probe if parent EC is not present
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37782
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-0927 has been rejected. Revert this fix and apply upstream fix
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37871
- nfsd: decrease sc_count directly if fail to queue dl_recall
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37787
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were
never registered
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37788
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37789
- net: openvswitch: fix nested key length validation in the set() action
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37790
- net: mctp: Set SOCK_RCU_FREE
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37875
- igc: fix PTM cycle trigger logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37792
- Bluetooth: btrtl: Prevent potential NULL dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37867
- RDMA/core: Silence oversized kvmalloc() warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37982
- wifi: wl1251: fix memory leak in wl1251_tx_work
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37794
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37796
- wifi: at76c50x: fix use after free access in at76_disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37838
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
Driver Due to Race Condition
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37940
- ftrace: Add cond_resched() to ftrace_graph_set_hash()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23142
- sctp: detect and prevent references to a freed transport in sendmsg
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37892
- mtd: inftlcore: Add error check for inftl_read_oob()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23145
- mptcp: fix NULL pointer in can_accept_new_subflow
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23146
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37839
- jbd2: remove wrong sb->s_sequence check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23147
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23150
- ext4: fix off-by-one error in do_split
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23151
- bus: mhi: host: Fix race between unprepare and queue_buf
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23156
- media: venus: hfi_parser: refactor hfi packet parsing logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23157
- media: venus: hfi_parser: add check to avoid out of bound access
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37840
- mtd: rawnand: brcmnand: fix PM resume warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23158
- media: venus: hfi: add check to handle incorrect queue size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23159
- media: venus: hfi: add a check to handle OOB in sfr region
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37850
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37851
- fbdev: omapfb: Add 'plane' value check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23161
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23163
- net: vlan: don't propagate flags on open
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37857
- scsi: st: Fix array overflow in st_setup()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37738
- ext4: ignore xattrs past end
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37739
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37740
- jfs: add sanity check for agwidth in dbMount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37741
- jfs: Prevent copying of nlink with value 0 from disk inode
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37858
- fs/jfs: Prevent integer overflow in AG size calculation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37742
- jfs: Fix uninit-value access of imap allocated in the diMount() function
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37859
- page_pool: avoid infinite loop to schedule delayed worker
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37862
- HID: pidff: Fix null pointer dereference in pidff_find_fields
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37841
- pm: cpupower: bench: Prevent NULL dereference on malloc failure
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37749
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37757
- tipc: fix memory leak in tipc_link_xmit
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37758
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
* CVE-2024-53051
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
* CVE-2024-46787
- userfaultfd: fix checks for huge PMDs
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
* CVE-2025-37750
- smb: client: fix UAF in decryption with multichannel
* CVE-2024-53185
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
* CVE-2024-50047
- smb: client: fix UAF in async decryption
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
Date: 2025-07-25 21:30:13.632898+00:00
Changed-By: John Cabaj <john-cabaj at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1094.103
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list